-
1. Re: Channel encryption between teiid and database.
shawkins May 15, 2017 8:44 AM (in response to kulbhushanc)
> But How to set encryption/SSL for the channel teiid server and database?
That will be vendor specific. Each database/driver should provide documentation on using SSL.
-
2. Re: Channel encryption between teiid and database.
kulbhushanc May 17, 2017 5:59 AM (in response to shawkins)
Let's say I am enabling SSL for a MySQL database. If I am using a plain JDBC connection at the client, I have to write code similar to this:
Properties props = new Properties();
props.setProperty("user", "root");
props.setProperty("password", "root");
props.setProperty("javax.net.ssl.trustStore",
"D:\\truststore\\truststore.jks");
props.setProperty("javax.net.ssl.trustStoreType","JKS");
props.setProperty("javax.net.ssl.trustStorePassword","welcome123");
Connection conn = DriverManager.getConnection(url, props);
How will it look for teiid, or where should it be placed to enable SSL on the teiid server?
-
3. Re: Channel encryption between teiid and database.
shawkins May 17, 2017 9:07 AM (in response to kulbhushanc)
Here's a blog that outlines creating an SSL MySQL datasource on WildFly - https://mirocupak.com/secure-database-connection-with-wildfly/
-
4. Re: Channel encryption between teiid and database.
kulbhushanc May 18, 2017 6:03 AM (in response to shawkins)
Thanks Steven,
Looks like the blog describes how to enable SSL for one data source only.
i.e.
export JAVA_OPTS="-server -Xms64m -Xmx512m \
-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true \
-Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true \
-Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.ssl.keyStorePassword=password \
-Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStorePassword=password"
By using this command we can configure only one keystore and truststore.
How do I configure more than one data source?
-
5. Re: Channel encryption between teiid and database.
shawkins May 18, 2017 7:55 AM (in response to kulbhushanc)
You would need to check the documentation for each source type on how ssl is configured. If they still require you to use the system properties for keystore/truststore, that's fine as you should only need 1 set. For 2-way ssl presumably you'd keep using the cert from the keystore, and you would just keep adding the relevant server certs to the same truststore.
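
The approach in the last reply (a single truststore that receives the server certificate of every data source), sketched as an added example that is not part of the thread or of the Teiid/WildFly documentation. The function names, aliases and file names are assumptions, and the self-signed certificates are constructed stand-ins for real database server certificates.

```shell
#!/usr/bin/env bash
# Added example: keep ONE truststore (the file -Djavax.net.ssl.trustStore
# points at) and add one trusted-certificate entry per data source.
# Requires the JDK's keytool on PATH. All names here are illustrative.

# has_alias TRUSTSTORE STOREPASS ALIAS -> exit 0 if the alias is present
has_alias() {
    [ -f "$1" ] && keytool -list -keystore "$1" -storepass "$2" \
        -alias "$3" >/dev/null 2>&1
}

# import_cert TRUSTSTORE STOREPASS ALIAS CERT_FILE
# Adds CERT_FILE as a trusted entry under ALIAS. Re-running is harmless:
# an alias that already exists is left untouched.
import_cert() {
    local ts=$1 pass=$2 name=$3 cert=$4
    if has_alias "$ts" "$pass" "$name"; then
        echo "skip: '$name' already trusted in $ts"
        return 0
    fi
    keytool -importcert -noprompt -keystore "$ts" -storepass "$pass" \
        -alias "$name" -file "$cert" >/dev/null 2>&1
}

# missing_aliases TRUSTSTORE STOREPASS ALIAS...
# Prints each expected alias that is NOT in the truststore, one per line.
# Empty output means every listed data source is covered.
missing_aliases() {
    local ts=$1 pass=$2 a
    shift 2
    for a in "$@"; do
        has_alias "$ts" "$pass" "$a" || echo "$a"
    done
}

# make_demo_cert DIR NAME
# Constructed sample input: a throwaway self-signed certificate written to
# DIR/NAME.pem, standing in for a database server's certificate.
make_demo_cert() {
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=$2" -alias "$2" -storetype PKCS12 \
        -keystore "$1/$2-server.p12" -storepass changeit \
        -keypass changeit >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias "$2" -keystore "$1/$2-server.p12" \
        -storepass changeit -file "$1/$2.pem" >/dev/null 2>&1
}
```

Running `missing_aliases` against the production truststore before restarting the server gives a quick check that no data source's certificate was forgotten.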